<%@ page import="java.sql.*" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>

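<%
    /*
     * Login handler: checks the submitted username/password against t_user,
     * stores the user's display name in the session on success, and sends the
     * browser back to login.jsp with an error message on failure.
     *
     * Request parameters: "username", "password".
     * Outcomes:
     *   - match     -> session attribute "name" set, redirect to index.jsp
     *   - no match  -> request attribute "msg" set, forward to login.jsp
     *   - DB error  -> logged to the servlet context log, HTTP 500
     *
     * Security notes:
     *   - The query is parameterized. The earlier version concatenated both
     *     parameters into the SQL text and relied on rejecting "--"; that
     *     blacklist covered only one comment syntax, and because nothing
     *     returned after the forward, the query was still executed.
     *   - The SQL text is no longer printed to stdout; it contained the
     *     submitted password.
     */
    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // A missing parameter can never match a row; answer like any failed login
    // instead of querying with the literal text "null".
    if (username == null || password == null) {
        request.setAttribute("msg", "用户名密码错误");
        request.getRequestDispatcher("login.jsp").forward(request, response);
        return;
    }

    // 1. Register the JDBC driver.
    Class.forName("com.mysql.cj.jdbc.Driver");

    // 4. SQL text is a constant; user input is bound through placeholders only.
    // NOTE(review): the submitted password is compared directly with the stored
    // column, so passwords are presumably stored unhashed - confirm, and migrate
    // to a salted password hash (bcrypt/scrypt/argon2) verified in application code.
    String sql = "SELECT * from t_user t where t.password=? AND t.`username`=?";

    boolean authenticated = false;
    String displayName = null;

    // 2./3. Open the connection and prepare the statement. try-with-resources
    // closes the ResultSet, statement and connection on every path.
    // NOTE(review): database host and credentials are hard-coded in the page
    // source; move them to a container-managed DataSource or external
    // configuration and rotate this password, since it has been in source.
    try (Connection connection = DriverManager.getConnection(
                 "jdbc:mysql://mysql.zhledu.cn:3306/school", "school", "zhli2008");
         PreparedStatement stmt = connection.prepareStatement(sql)) {
        stmt.setString(1, password);
        stmt.setString(2, username);
        try (ResultSet rs = stmt.executeQuery()) {
            if (rs.next()) {
                authenticated = true;
                displayName = rs.getString("name");
            }
        }
    } catch (SQLException e) {
        // Previously swallowed, which showed a database outage as a blank page.
        // Log server-side and return a generic error without leaking details.
        application.log("login: database error while checking credentials", e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }

    // Respond only after the database resources are released.
    if (authenticated) {
        // NOTE(review): consider rotating the session id here
        // (request.changeSessionId(), Servlet 3.1+) to prevent session fixation.
        session.setAttribute("name", displayName);
        response.sendRedirect("index.jsp");
    } else {
        request.setAttribute("msg", "用户名密码错误");
        request.getRequestDispatcher("login.jsp").forward(request, response);
    }
%>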
